- Main
- Computers - Security
- Hacking APIs: Breaking Web Application...
Hacking APIs: Breaking Web Application Programming Interfaces
Corey J. BallHow much do you like this book?
What’s the quality of the file?
Download the book for quality assessment
What’s the quality of the downloaded files?
Hacking APIs is a crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.
Hacking APIs is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.
You’ll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you’ll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you’ll learn to perform common attacks, like those targeting an API’s authentication mechanisms and the injection vulnerabilities commonly found in web applications. You’ll also learn techniques for bypassing protections against these attacks.
In the book’s nine guided labs, which target intentionally vulnerable APIs, you’ll practice:
• Enumerating APIs users and endpoints using fuzzing techniques
• Using Postman to discover an excessive data exposure vulnerability
• Performing a JSON Web Token attack against an API authentication process
• Combining multiple API attack techniques to perform a NoSQL injection
• Attacking a GraphQL API to uncover a broken object level authorization vulnerability
By the end of the book, you’ll be prepared to uncover those high-payout API bugs other hackers aren’t finding and improve the security of applications on the web.
Hacking APIs is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.
You’ll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you’ll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you’ll learn to perform common attacks, like those targeting an API’s authentication mechanisms and the injection vulnerabilities commonly found in web applications. You’ll also learn techniques for bypassing protections against these attacks.
In the book’s nine guided labs, which target intentionally vulnerable APIs, you’ll practice:
• Enumerating APIs users and endpoints using fuzzing techniques
• Using Postman to discover an excessive data exposure vulnerability
• Performing a JSON Web Token attack against an API authentication process
• Combining multiple API attack techniques to perform a NoSQL injection
• Attacking a GraphQL API to uncover a broken object level authorization vulnerability
By the end of the book, you’ll be prepared to uncover those high-payout API bugs other hackers aren’t finding and improve the security of applications on the web.
Categories:
Year:
2022
Edition:
Early Access
Publisher:
No Starch Press
Language:
english
Pages:
353
ISBN 13:
9781718502444
File:
PDF, 39.44 MB
Your tags:
IPFS:
CID , CID Blake2b
english, 2022
Read Online
- Download
- pdf 39.44 MB Current page
- Checking other formats...
- Convert to
- Unlock conversion of files larger than 8 MBPremium
The file will be sent to your email address. It may take up to 1-5 minutes before you receive it.
The file will be sent to you via the Telegram messenger. It may take up to 1-5 minutes before you receive it.
Note: Make sure you have linked your account to Z-Library Telegram bot.
The file will be sent to your Kindle account. It may take up to 1–5 minutes before you receive it.
Please note: you need to verify every book you want to send to your Kindle. Check your mailbox for the verification email from Amazon Kindle.
Conversion to is in progress
Conversion to is failed
Premium benefits
- Send to eReaders
- Increased download limit
- File converter
- More search results
- More benefits